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1 DETAILED ACTION 

2 This action is in response to the communication filed on 6/3/2005. 

3 Response to Arguments 

4 The rejection of claims 1-20 under 35 USC 1 12 2 nd Paragraph has been withdrawn due to 

5 the amendments to the independent claims 1, 8, and 14, which have corrected the clarity issue. 

6 Applicant's arguments with respect to claim 6/3/2005 have been considered but are moot 

7 in view of the new ground(s) of rejection. 

8 Furthermore, the examiner would like to note the statement made by the applicant in the 

9 last paragraph of page 9 through the first paragraph of page 10 in the communication dated 

10 6/3/2005. The applicant states that because Elgamal fails to mention certificate revocation, it 

1 1 could not be possible for it to be obvious to use certificate revocation in Elgamal. The examiner 

12 disagrees with this statement entirely. The examiner recognizes that obviousness can only be 

13 established by combining or modifying the teachings of the prior art to produce the claimed 

14 invention where there is some teaching, suggestion, or motivation to do so found either in the 

15 references themselves or in the knowledge generally available to one of ordinary skill in the art. 

16 See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re Jones, 958 F.2d 347, 

17 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, as shown below, simply because Elgamal did 

18 not specifically address certificate revocation, does not mean it would not be obvious to use 

19 certificate revocation in combination with Elgamal. 

20 Claims 1-21 have been examined. 

21 All objections and rejections not set forth below have been withdrawn. 
22 
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1 Information Disclosure Statement 

2 The information disclosure statements (EDS) submitted on 3/14/2005 and 3/28/2005 are 

3 in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the 

4 information disclosure statement. 

5 Claim Rejections - 35 USC §103 

6 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

7 obviousness rejections set forth in this Office action: 

8 A patent may not be obtained though the invention is not identically disclosed or 

9 described as set forth in section 102 of this title, if the differences between the subject matter 

1 0 sought to be patented and the prior art are such that the subject matter as a whole would have 

1 1 been obvious at the time the invention was made to a person having ordinary skill in the art to 

1 2 which said subject matter pertains. Patentability shall not be negatived by the manner in which 

1 3 the invention was made. 
14 

15 Claims 1-5, 7-12, 14-18, and 20 are rejected under 35 U.S.C. 103(a) as being 

16 unpatentable over Elgamal et al. (US Patent Number 5,657,390) hereinafter referred to as 

17 Elgamal, and further in view of Housley et al (RFC 2459) hereinafter referred to Housley. 

18 Regarding claim 1, Elgamal disclosed a method of establishing a secure communication 

19 path between two computer systems (See Elgamal Col. 3 Paragraph 3) comprising: creating a 

20 communication path to exchange data, (See Elgamal Col. 6 Line 57 - Col. 7 Line 12) including 

21 identification data and digital certification data, between the two systems (See Elgamal Fig. 4 

22 and Col. 7 Lines 13-40 and Fig. 5 and Col. 8 Line 45 - Col. 10 Line 23); determining, based on 

23 the identification data, whether to confirm the digital certification data (See Elgamal Figs. 4-5, 

24 Col. 7 Lines 20-65, Col. 10 Lines 3-23, Col. 20 Lines 25-32, Col. 22 Line 56 - Col. 23 Linel8); 

25 and creating a secure communication path, without confirming the digital certification data if it is 
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determined the digital certification data should not be confirmed (See Elgamal Fig. 5 and 
corresponding text) , or after confirming the digital certification data if it is determined that the 
digital certification data should be confirmed (See Elgamal Fig. 4 and Corresponding text), but 
failed to disclose that confirming the digital certification data included verifying that the 
certificate had not been revoked. However, Elgamal did disclose that the certificates used in the 
system were X.509 certificates (See Elgamal Col. 30 Lines 14-19). 

Housley teaches that when verifying an X.509 certificate, a certificate revocation list 
should be checked in order to ensure that the certificate has not become invalid (See Housley 
Page 12 Section 3.3). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Housley in the certificate verification of Elgamal by 
verifying that the certificate was not on a certificate revocation list when verifying the 
certificates. This would have been obvious because the ordinary person skilled in the art would 
have been motivated to ensure that invalidated certificates were not being trusted. 

Regarding claim 8, Elgamal disclosed an information handling system comprising: one or 
more processors; a memory accessible by the processors; a nonvolatile storage accessible by the 
processors; a network interface connecting the information handling system to a computer 
network (See Elgamal Col. 3 Lines 46-55); and a network security tool to create a secure path 
between computer systems (See Elgamal Col. 3 Paragraph 3), the network security tool 
including: means for creating a communication path to exchange data, (See Elgamal Col. 6 Line 
57 - Col. 7 Line 12) including identification data and digital certification data, between the two 
systems (See Elgamal Fig. 4 and Col. 7 Lines 13-40 and Fig. 5 and Col. 8 Line 45 - Col. 10 Line 



Application/Control Number: 09/864, 1 1 0 Page 5 

Art Unit: 2131 

1 23); means for determining, based on the identification data, whether to confirm the digital 

2 certification data (See Elgamal Figs. 4-5, Col. 7 Lines 20-65, Col. 10 Lines 3-23, Col. 20 Lines 

3 25-32, Col. 22 Line 56 - Col. 23 Linel8); and means for creating a secure communication path, 

4 without confirming the digital certification data if it is determined the digital certification data 

5 should not be confirmed (See Elgamal Fig. 5 and corresponding text) , or after confirming the 

6 digital certification data if it is determined that the digital certification data should be confirmed 

7 (See Elgamal Fig. 4 and Corresponding text), but failed to disclose that confirming the digital 

8 certification data included verifying that the certificate had not been revoked. However, Elgamal 

9 did disclose that the certificates used in the system were X.509 certificates (See Elgamal Col. 30 

10 Lines 14-19). 

1 1 Housley teaches that when verifying an X.509 certificate, a certificate revocation list 

12 should be checked in order to ensure that the certificate has not become invalid (See Housley 

13 Page 12 Section 3.3). 

14 It would have been obvious to the ordinary person skilled in the art at the time of 

1 5 invention to employ the teachings of Housley in the certificate verification of Elgamal by 

16 verifying that the certificate was not on a certificate revocation list when verifying the 

1 7 certificates. This would have been obvious because the ordinary person skilled in the art would 

1 8 have been motivated to ensure that invalidated certificates were not being trusted. 

19 Regarding claim 14 Elgamal disclosed a computer program product stored on a computer 

20 operable medium for providing one or more secure connections form a computer system (See 

21 Elgamal Abstract and Claims), said computer program product comprising: means for creating a 

22 communication path to exchange data, (See Elgamal Col. 6 Line 57 - Col. 7 Line 12) including 
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1 identification data and digital certification data, between the two systems (See Elgamal Fig. 4 

2 and Col. 7 Lines 13-40 and Fig. 5 and Col. 8 Line 45 - Col. 10 Line 23); means for determining, 

3 based on the identification data, whether to confirm the digital certification data (See Elgamal 

4 Figs. 4-5, Col. 7 Lines 20-65, Col. 10 Lines 3-23, Col. 20 Lines 25-32, Col. 22 Line 56 - Col. 23 

5 Line 18); and means for creating a secure communication path, without confirming the digital 

6 certification data if it is determined the digital certification data should not be confirmed (See 

7 Elgamal Fig. 5 and corresponding text) , or after confirming the digital certification data if it is 

8 determined that the digital certification data should be confirmed (See Elgamal Fig. 4 and 

9 Corresponding text), but failed to disclose that confirming the digital certification data included 

10 verifying that the certificate had not been revoked. However, Elgamal did disclose that the 

1 1 certificates used in the system were X.509 certificates (See Elgamal Col. 30 Lines 14-19). 

12 Housley teaches that when verifying an X.509 certificate, a certificate revocation list 

13 should be checked in order to ensure that the certificate has not become invalid (See Housley 

14 Page 12 Section 3.3). 

1 5 It would have been obvious to the ordinary person skilled in the art at the time of 

16 invention to employ the teachings of Housley in the certificate verification of Elgamal by 

1 7 verifying that the certificate was not on a certificate revocation list when verifying the 

1 8 certificates. This would have been obvious because the ordinary person skilled in the art would 

19 have been motivated to ensure that invalidated certificates were not being trusted. 

20 Regarding claim 21, Elgamal disclosed a method of establishing a secure communication 

21 path between two computer systems comprising (See Elgamal Col. 3 Paragraph 3): creating a 

22 communication path to exchange data, including identification data and digital certification data, 
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1 between the two systems (See Elgamal Col. 6 Line 57 - Col. 7 Line 12 and Fig. 4 and Col. 7 

2 Lines 13-40 and Fig. 5 and Col. 8 Line 45 - Col. 10 Line 23), determining, based on the 

3 identification data, whether to confirm the digital certification data (See Elgamal Figs. 4-5, Col. 

4 7 Lines 20-65, Col. 10 Lines 3-23, Col. 20 Lines 25-32, Col. 22 Line 56 - Col. 23 Linel8), 

5 wherein the determining includes consulting an internal table, the internal table including 

6 identification data of all computer systems for which it is not necessary to confirm the 

7 certification data (See Elgamal Col. 10 Lines 3-23); creating a secure communication path, 

8 without confirming the digital certification data if it is determined the digital certification data 

9 should not be confirmed (See Elgamal Fig. 5 and corresponding text) , or after confirming the 

10 digital certification data if it is determined that the digital certification data should be confirmed 

1 1 (See Elgamal Fig. 4 and Corresponding text); selecting a local-remote pair from an endpoints 

12 table corresponding to the computer systems (See Elgamal Col. 9 Line 59 - Col. 10 Line 6); 

13 selecting a policy from a policy table based on the selected local-remote pair, the policy 

14 including one or more access methods (See Elgamal Col. 9 Line 59 - Col. 10 Line 6); and 

15 transmitting one or more security proposals corresponding to the selected policy to the remote 

16 computer system (See Elgamal Col. 10 Lines 3-6), but failed to disclose that confirming the 

17 digital certification data included verifying that the certificate had not been revoked. However, 

1 8 Elgamal did disclose that the certificates used in the system were X.509 certificates (See Elgamal 

19 Col. 30 Lines 14-19). 

20 Housley teaches that when verifying an X.509 certificate, a certificate revocation list 

21 should be checked in order to ensure that the certificate has not become invalid (See Housley 

22 Page 12 Section 3.3). 
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1 It would have been obvious to the ordinary person skilled in the art at the time of 

2 invention to employ the teachings of Housley in the certificate verification of Elgamal by 

3 verifying that the certificate was not on a certificate revocation list when verifying the 

4 certificates. This would have been obvious because the ordinary person skilled in the art would 

5 have been motivated to ensure that invalidated certificates were not being trusted. 

6 Regarding claims 2, 9, and 15, the combination of Elgamal and Housley disclosed that 

7 the determining step includes the step of consulting an internal table, the internal table including 

8 identification data of all computer systems for which it is not necessary to confirm that digital 

9 certification data has not been revoked (See Elgamal Col. 8 Lines 45-61 and Col. 10 Lines 3-23 

10 and Housley Page 12 Section 3.3). 

1 1 Regarding claims 3,10, and 16, the combination of Elgamal and Housley disclosed he 

12 two computer systems include a local and a remote computer system, the exchanged data further 

13 including one or more authentication proposals from the local computer system and a selected 
14* authentication proposal from the remote system (See Elgamal Col. 5 Paragraph 3 and Col. 10 

15 Lines 3-23). 

16 Regarding claims 4, 1 1, and 17, the combination of Elgamal and Housley disclosed 

17 selecting an access method in response to determining to confirm whether the digital certification 

1 8 data has not been revoked; and invoking the selected access method (See Elgamal Col. 7 Lines 

19 13-40 and Housley Page 12 Section 3.3). 

20 Regarding claims 5, 12, and 18, the combination of Elgamal and Housley disclosed 

21 selecting a local-remote pair from an endpoints table corresponding to the computer systems 

22 (See Elgamal Col. 8 Line 45 - Col. 9 Line 31); selecting a policy from a policy table based on 
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1 the selected local-remote pair, the policy including one or more access methods (See Elgamal 

2 Col. 9 Lines 9-14); and transmitting one or more security proposals corresponding to the selected 

3 policy to the remote computer system (See Elgamal Col. 10 Lines 3-6). 

4 Regarding claims 7 and 20, the combination of Elgamal and Housley disclosed digitally 

5 signing a message using a private key corresponding to one of the computer systems; and 

6 sending the signed message to the other computer system (See Elgamal Figs. 4 and 5 and Col. 8 

7 Lines 5-20). 

8 Claims 6, 13, and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over the 

9 combination of Elgamal and Housley as applied to claims 1, 8, and 14 above, and further in view 

1 0 of Schneier (Applied Cryptography). 

1 1 Elgamal and Housley disclosed receiving a remote digital certificate from the other 

12 computer system (See Elgamal Col. 7 Lines 20-26), but Elgamal failed to disclose verifying the 

13 certification authority signature on the certificate. However, Elgamal did disclose issuing a "bad 

14 certificate" error if the signature on the certificate was bad (See Elgamal Col. 20 Lines 25-33). 

1 5 Schneier teaches that certification authorities sign certificates, and that in order to verify 



16 whether a certificate is bad or not, the signature of the certification authority on the certificate 

17 must be verified (See Schneier Pages 185 - 186 Section Entitled "Public-key Certificates", 

18 Especially page 186 Lines 1-8). 



1 9 It would have been obvious to the ordinary person skilled in the art at the time of 

20 invention to employ the teachings of Schneier in the certificate authentication of Elgamal and 

2 1 Housley by checking to make sure the signature on the certificate was the signature of a trusted 

22 certification authority. This would have been obvious because the ordinary person skilled in the 
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1 art would have been motivated to ensure that the public key in the certificate was the public key 

2 of the remote party in order to protect against substitution man-in-the-middle attacks. 

3 Conclusion 

4 Claims 1-21 have been rejected. 

5 The prior art made of record and not relied upon is considered pertinent to applicant's 

6 disclosure. 

7 a. Rivest ("Can We Eliminate Certification Revocation Lists") disclosed a method in 

8 which a certificate is checked on revocation lists only if a specified date is expired in the 

9 certificate. 

10 Applicant's amendment necessitated the new ground(s) of rejection presented in this 

1 1 Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

12 Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

13 A shortened statutory period for reply to this final action is set to expire THREE 



14 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

1 5 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

16 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

1 7 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

18 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 

19 however, will the statutory period for reply expire later than SIX MONTHS from the date of this 

20 final action. 
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5 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

6 organization where this application or proceeding is assigned is 571-273-8300. 



8 Application Information Retrieval (PAIR) system. Status information for published applications 

9 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

10 applications is available through Private PAIR only. For more information about the PAIR 

1 1 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

12 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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